Not suitable for long-term storage.
831 posts • joined 26 Jul 2007
Where N can be a rather large number if there's a WAN in between the two*. ...and this is it, a good product should tell you that though you have commanded it to transmit 1Tb of files across a WAN, these are the ones that have made it across the link so far. This is not a criticism of the hardware, but a fact of life concerning the speed of light through a typical broadband connection.
*Which could be a life-saver if you've just been hit with Ransomware, but it is prudent to ensure versioning is available on your chosen product, and that the versions are easily accessible. All very well having the pre-ransomware version of the 1000 files so far encrypted in there, but not if you have to restore them individually.
Not sure if that is a deliberate provocation, but I think it unfair to compare Oracle with Netware.
If Netware had achieved its objectives then we really would not be in the mess we are in today.
(I can elaborate on that, but I have to go on-site now to sort out a networking emergency).
Once upon a time I logged onto a customer's router only to be confronted with an alert from Rapport informing me that I had entered a sensitive keyword. I quizzed the customer about this and he told me that he used the same password for on-line banking. Glossing over the prudence of sharing passwords for the purposes of this comment, knowing this idiosyncrasy meant that a hacker would know that the Rapport icon in any browser is a great invitation to run a dictionary attack. I would hope that that vulnerability has now been fixed.
Some years ago I bought hosting and domain from a place [that shall remain nameless] for one of my customers. The customer paid for it by credit card, the site was designed and uploaded.
Roll on a year. Got a reminder from hosting company saying to pay to renew, or else it will be cancelled. I contacted customer "that website, shall I renew it?" Answer came back in the affirmative, so I renewed it using my card.
Roll on another year. Got a reminder from hosting company saying to pay to renew, or else it will be cancelled. I contacted customer "that website, shall I renew it?" This time the answer was no, so I didn't think any more of it.
When my credit card statement arrived I noticed that I'd been charged for it. I contacted the hosting company and my bank to revoke the payment.
Hosting company said that as I had a rolling account with them I had to explicitly cancel the hosting, even though their email said it would be cancelled. They told me rather snottily to read their T's & C's and I was ready to put that one down to experience.
Then a rather curious thing happened: the bank chased me "why haven't you filled out the revocation form we sent you?" I told them that I didn't really have a leg to stand on, but they said "well, we'll keep it open for you, just in case you wish to explore the circumstances thoroughly." Hmm, unusual for the bank to be this amenable, I thought.
So I read their T's & C's and in them was the nugget (paraphrased) saying that in subsequent years hosting fees will be deducted from the credit card used initially. Initially??!! I immediately filled out the bank's form and sent it off, together with a copy of the T's & C's with that word underlined, pointing out that "initially" the hosting was bought using a different credit card. I got refunded immediately.
Ok it was a technicality, but the deceptive wording on their renewal email deserved it. I really must check to see if they've altered that clause.
The moral is not to be cowed by "the big boys legalese".
To my mind there is no method of tallying an on-line version of T's & C's with a user's tick box response. Tallying in our high-tech world should involve an MD5 hash or equivalent to indicate that the user agrees to this specific version of the T's & C's, because tomorrow the site owner can change the wording and claim that this is what you agreed to.
Surely then they would have to go through the hoops of proving, from the Raw Access Logs of the webserver when the T's & C's were uploaded, and when I visited, but if the website owner has physical access to the site, they can go behind the scenes to change the file.
Returning to the MD5 hash principle of proof: even that is not entirely watertight as collisions are possible, but statistically implausible. The other way is for the website owner to send you a copy of what you've signed by email, or get you to sign a secure document.
Where I suspect there could be this kind of problem I simply save the webpage of the legalese, so I have a contemporaneous record of what I have agreed to.
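The tick-box-plus-hash idea from the post above, as an added example (not the poster's code): the acceptance record stores a SHA-256 digest of the exact terms text (SHA-256 rather than MD5, since MD5 collisions are practical), and a later check against a saved copy shows whether the wording has since been altered. The terms text, user name and dates are constructed for the example.

```python
import hashlib
from datetime import datetime, timezone

def terms_digest(terms_text: str) -> str:
    """SHA-256 over a canonical form of the terms, so that CRLF/LF line endings and
    trailing whitespace do not make the same wording look like a different version."""
    lines = terms_text.replace("\r\n", "\n").split("\n")
    canon = "\n".join(line.rstrip() for line in lines).strip()
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def record_acceptance(user: str, terms_text: str, when: datetime) -> dict:
    """What the site (or the user, in a saved copy) should keep alongside the tick box:
    who agreed, when, and the digest of the precise text they were shown."""
    return {
        "user": user,
        "accepted_at": when.isoformat(),
        "terms_sha256": terms_digest(terms_text),
    }

def acceptance_matches(record: dict, terms_text: str) -> bool:
    """True only if the text presented now is the version that was agreed to."""
    return record["terms_sha256"] == terms_digest(terms_text)

# Constructed sample terms: version 1 as agreed, version 2 silently reworded later.
TERMS_V1 = (
    "1. Hosting renews annually.\n"
    "2. Renewal fees will be deducted from the credit card used initially.\n"
)
TERMS_V2 = TERMS_V1.replace("used initially", "most recently provided")

def demo() -> tuple[bool, bool]:
    """Returns (saved copy still matches, reworded version matches)."""
    rec = record_acceptance("alice", TERMS_V1, datetime(2017, 1, 1, tzinfo=timezone.utc))
    return acceptance_matches(rec, TERMS_V1), acceptance_matches(rec, TERMS_V2)

if __name__ == "__main__":
    print(demo())  # → (True, False)
```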
...Safe from litigation: provided we're talking Serial Comms and not Cereal Bars.
With your implied mention of wear-levelling I would go so far as to say:-
...will end up spread across different physical locations.
In some configurations it is usual for even "read-only" data on a SSD to be shunted around periodically.
I think they've moved on a bit since those times.
I would think that a MITM attack -similar to a Rootkit in principle - would defeat that. Trouble is that in making code versatile to meld with different I/O scenarios, hooks may be exposed which can be hijacked to do something additional to what they were designed to do.
Who knows how many fraudsters are doing precisely that. However, it does seem to be a psychological trait that these people become over-confident in their ability to game the system over a sufficiently long period of time, or brag about it to the wrong person. It only takes one red flag trip-point to trigger and that is it. How will you know if such a threshold has been tripped? You won't, there is no audible alarm, but once it has, data can be painstakingly collected until such time as the evidence is there to turn up on your doorstep and interrupt your plans for the next x years.
I'm sure I would agree with the ones concerning Brexit, Microsoft and Trump.
I got nil-points in that quiz. Which, come to think of it, Norway are pretty good at, if the Eurovision Song Contest is anything to go by.
...a Cartesian Product List
The clue is in the title.
I left that out of my list for the reason given:-
"There are limitations of course, or there would be no incentive to purchase Word."
OpenOffice and LibreOffice are designed to be able to act as a direct Word replacement in most circumstances.
WordPad is proprietary, from the same stable as Word, so there is no ability to see if any of the "stubbed hooks" in there are inadvertently active in certain situations. Situations that could cause malevolent code to run sufficiently to achieve its objectives.
Running a Windows Update may also affect supporting utilities such as WordPad, whereas there would be no effect on OpenOffice or LibreOffice. Yes, libraries that these two depend on may cause them to break, but prodding such updated libraries with test software will reveal what has changed to cause the problem.
>How do you patch a Windows system so that it's safe to click on a .doc file, and how do you open it without clicking on it.
Use OpenOffice or LibreOffice.
...we all knew he was on the fiddle.
If a manufacturer rejects a batch of devices for QA reasons it should also be possible to trace their disposal through to destruction or decomposition. I suspect many manufacturers skimp on this element of their production process, in which case many of those rejects will appear on sale through unscrupulous traders. Technically they could be considered by some to be "the real deal", they are the genuine article save for the issue of failing QA. However, the accompanying paperwork should indicate this failure.
Because if counterfeit goods are returned for refund then it is my understanding that the Credit Card company could be held liable, so they would have a vested interest too.
Anything that is sent through the net could be recorded, stored and played back in decrypted form in due course. So anyone using encryption for nefarious purposes needs to be looking over their shoulders for the day when their messages are cracked.
Simply stated the net is not a safe medium for messages to be transmitted that need forever to be kept secret because any node can be used as an intercept. Multiple layers of encryption might arguably extend that delay (but if using some common mode might also reduce it).
So in a way this whole discussion is focussing on the wrong element in the chain.
Readily spotted with software that knows about Benford's Law
I had two Bad Experiences of doing that.
(1) The bank got raided soon after I deposited my cheques, and I had to really moan at the bank to get my money credited (weeks later), even though I had proof of deposit. (The bank's excuse was that they are not insured against this kind of eventuality).
(2) Used one of those machines where it prints out copies of everything you submit. Ooh good! Except that the bank branch I submitted the cheques to was different to that on the printed receipt. Took an extra day for my account to be credited.
Since then I prefer to queue. Thank you.
It doesn't work with Exchange. I use MDaemon which gives the flexibility to run an external program as part of its message processing routine, it takes the message filename as a command line parameter and you can then do whatever you want to the message so long as it's fast doing so, and doesn't crash. I use Delphi for anything like this.
I have various customers where I've installed a program where the mail server disables links that are embedded in html. Works well apart from the occasional gripe that the link has to be copied, pasted and edited before it can be accessed.
It really is impossible these days to judge the bona fides of senders. For instance, would you associate zapiermail.com as being genuinely coming from Facebook? And, if you are used to that state of affairs, how would you know if it was spoofed to appear as if it was coming from Facebook?
A big moan I've mentioned in these columns before is BT's use of custhelp.com to offer help to their customers. Last time I looked custhelp.com was registered to Oracle, but if you're not an IT person that doesn't mean a thing.
Charging money for sending emails is not viable for various reasons. However, the concept of charging *processing time* is a good one, because it wastes spammers' time. See "Hashcash" for the principle involved.
Tarpitting and Greylisting are available techniques for slowing down, or forcing a spammer to repeat their submission respectively, but I've found that many mail servers are configured not to tolerate these techniques. Cloud email used by legitimate senders in particular thwarts greylisting because each time an email is resent from a cloud service it likely comes from a different IP address to the previous message which means that the recipient mail server thinks it is from a different source.
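The Hashcash principle mentioned above, as an added example (not the poster's code and not the reference hashcash tool): the sender must grind through counter values until the SHA-1 of a version-1 stamp ("1:bits:date:resource::rand:counter") has the required number of leading zero bits, while the recipient spends a single hash to check it. The recipient address, date and random salt used below are constructed; a real deployment would also check the date is recent and keep a database of seen stamps to reject reuse.

```python
import hashlib
import os
from datetime import datetime, timezone
from typing import Optional

SHA1_BITS = 160

def leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits of a SHA-1 digest."""
    return SHA1_BITS - int.from_bytes(digest, "big").bit_length()

def stamp_bits(stamp: str) -> int:
    """Leading zero bits of SHA-1 over the whole stamp string."""
    return leading_zero_bits(hashlib.sha1(stamp.encode("ascii")).digest())

def mint_stamp(resource: str, bits: int = 12,
               rand: Optional[str] = None, date: Optional[str] = None) -> str:
    """Sender's side: expected cost is 2**bits hashes per recipient address."""
    rand = rand if rand is not None else os.urandom(8).hex()
    date = date if date is not None else datetime.now(timezone.utc).strftime("%y%m%d")
    counter = 0
    while True:
        stamp = f"1:{bits}:{date}:{resource}::{rand}:{counter}"
        if stamp_bits(stamp) >= bits:
            return stamp
        counter += 1

def verify_stamp(stamp: str, resource: str, required_bits: int) -> bool:
    """Receiver's side: one hash, plus checks that the stamp is for *this* address
    and claims at least the difficulty we insist on (a cheap stamp is not accepted)."""
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1":
        return False
    try:
        claimed_bits = int(fields[1])
    except ValueError:
        return False
    if claimed_bits < required_bits or fields[3] != resource:
        return False
    return stamp_bits(stamp) >= required_bits

if __name__ == "__main__":
    s = mint_stamp("alice@example.com", bits=12)
    print(s, verify_stamp(s, "alice@example.com", 12))
```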
2) Feed anything that hits that address straight into SpamAssassin or whatever it is that you use to score your emails with.
"Why in the world would someone NOT be using 2FA if they were using it for important work???"
I suspect a significant number of people disable 2FA if they are working on a pc they trust.
Where is that "trust" stored? I suspect due to the variety of elements involved it will be some kind of Cookie on the user's pc. If so, does that sound secure?
Surely that gives hackers insight as to whether they have hit a valid username?
Question: Does the entire login process "bind" into one "session"? If it doesn't, then is there not the possibility that the Username and Password could be submitted using different IP addresses, which must be rejected for security reasons? If so, this would be frustrating when trying to login using a mobile device, when on the move.
Yes, it's very helpful for hackers, as they can type username, find that that doesn't exist, then try another username.
That's where they are getting this statistic from:-
"We've done a lot of testing of this design and our telemetry shows that people are able to sign in with a notably higher success rate using this approach,"
Steer clear of the daf's too:-
Money on/for old rope
...with the quantity of marketing bumpf with special offers that comes through the door.
I regularly get stuff through the post from Virgin, BT and TalkTalk. How many people here have received such material from the likes of AAISP or Zen?
There's nothing to beat personal recommendation, but be careful, the top performing companies can reach a limit to their growth or decide to sell out to some company that doesn't have the same kind of respect for their customers. (I speak from bitter experience).
Well worthy of a visit.
Two areas stuck out in my mind as places you don't want to dwell too long in:-
(1) The difficulty of breathing whilst in the Battery Room.
(2) The Contactor Room. Trains were not "driven": full power was either applied to a vehicle, or not, in order for it to move or stop. The explosive arcing coming from the contactors that controlled the trains, which were within feet of where we were standing, was both deafening and blinding.
I'm sure that these two facets will be made less "in yer face" to comply with H&S.
I do agree wholeheartedly that Wireshark really is the definitive way to know what is being sent down the line.
Two points though:-
The current vogue for encryption of data, even in circumstances where you really do need to know what is being sent out with your name on it, make it difficult to work out what data is actually being sent. Is it just the "wake-up" call, or is it that plus one juicy tid-bit per message, such as a user-name/password combination stored in a "to send under the radar" buffer using Steganography techniques, which can easily be disguised as handshaking?
The other way is that a designer of the system, wanting to get data out of it surreptitiously, could do so as an "encrypted digest" at midnight - to which the official response would be "oh yes it needs to sync with time servers at midnight." Which means your Wireshark session needs to be active for days at a time to rule out such a possibility.
Does this mean that Uber will be ditching cars and fulfilling services using HGV's?
You may recall that HP were masters of overpackaging. Who can forget*:-
*(complete with Playmobil and prescient mention of überbox)
Or maybe it was less than the minimum acceptable length.
It is possible that the roomba had great fun designing Crop Circle designs in your bedroom carpet and you would never know it unless you were to get up on a step-ladder and look down.
You know how this device goes off exploring the floor-space in your living accommodation? It might just do the same with your WiFi. What SSID's are in the vicinity? Let's try logging in using a dictionary of common passwords. BTW if you drop your credit card on the floor and the device detects either the characters on the card, or can read the magnetic strip then the fall-back is to login to OpenZone or similar.
A bit far-fetched maybe today, but in a few years' time people will be tying down their IoT's to prevent them going walkabout when their owners are out at work.
Do they have to use a Tasmanian Devil instead?
Is it my imagination or does Google make it difficult to find things that were previously easy to find?
Who remembers - I think it was Olympus - demonstrating how good their cameras were? Someone had taken a monochrome portrait photo in a street in America. Look closely to the top right of the photo and there was a piece of paper stuck to a window. Zooming in on this, it was easy to see a message had been scrawled "Help Me", or similar. The photographer called the police and they found a kidnapped man in the room where the message was shown. Sadly they were too late to save the man.
Certain I didn't imagine the existence of this image, can anyone provide a link? (Guaranteed upvote, or virtual pint as thanks!)
...the guy would still be in there ("not gonna get caught by Beadle - no way").
*showing my age
Be careful if you ask a question about this in the supermarket.
You may be pointed in the direction of the pharmacy section.
Biting the hand that feeds IT © 1998–2017